By Noah Shachtman Danger Room Wired.com 11.27.12
A slew of American officials have blamed Iran for attacks on the servers of Bank of America, Well Fargo, HSBC, and other western banks. But the hackers taking credit for the sophisticated distributed denial-of-service strikes say that’s all wrong; they claim they hit the financial institutions because they were pissed off about “The Innocence of Muslims,” the infamous viral video making fun of the Prophet Muhammad. Tehran didn’t have a thing to do with it.
“We are not dependent on any government. We merely wanted to protest against the insulting movie,” people claiming to be part of the Izz ad-Din al-Qassam Cyber Fighters tell the Flashpoint Partners research group in an interview (.pdf).
There’s no telling if the denial is legitimate — or if the people being interviewed are behind the bank attacks at all. But the interviewees are dead on when they say that ”there are some ones who want to portray this action [the bank hacks] as political.” Shortly after the U.S. Defense Secretary talked about the bank jobs, unnamed American officials began whispering that they were the work of Iran.
The bank attacks this fall weren’t typical DDOS operations, which merely seek to overload servers with junk traffic. For one, they generated up to 100 gigabits per second of data — 10 to 20 times more than what it usually takes to knock a site offline. The attackers overwhelmed routers, servers, and server applications all at once; typical DDOSers target just one. They specifically targeted the banks’ Domain Name Server architecture, which translates website names (“cash.com”) into numerical internet-protocol addresses. And their traffic largely came from legitimate IP address, making it tough for the banks to filter. The websites for PNC Bank, Wells Fargo, Bank of America, and other institutions buckled in quick succession; customers had trouble transferring funds and paying bills online.
______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org